News

Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

in brief  If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.…

Researchers point to evidence that scumbags visited the strategy boutique

Researchers at Palo Alto's Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.…

Cyberspies abusing a backdoor? Groundbreaking

Lawmakers are demanding answers about earlier news reports that China's Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices - or lack thereof.…

Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops

Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.…

What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates?

Keir Starmer's decision to appoint Poppy Gustafsson as the UK's new investment minister is being resoundingly praised despite the former Darktrace boss spending years failing to fully rebuild investor confidence in the embattled company.…

It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week

The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests in three countries.…

Acknowledges bulk customer data leak weeks after Telegram channels dangled it online

Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online.…

But hey, no worries, the firm claims no evidence of data misuse

Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach. …

Unlock the power of generative AI with AWS

Webinar  Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.…

Researcher spots 110 TB of sensitive info sitting in unprotected database

Nearly 32 million records belonging to users of tech from Trackman were left exposed to the internet, sitting in a non-password protected database, for an undetermined amount of time, according to researcher Jeremiah Fowler.…

Usual three-week window to address significant risks to federal agencies applies

The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.…

Firefixed: It's maintenance time for low-complexity, high-impact security flaw

It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.…

Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace

Sponsored Post  It's Cybersecurity Awareness Month again this October - a timely reminder for public and private sector organisations to work together and raise awareness about the importance of cybersecurity.…

Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance

Partner Content  As generative AI (GenAI) becomes increasingly integrated into the corporate world, it is transforming everyday operations across various industries.…

Two arrested after allegedly trying to make off with their ill-gotten gains

The alleged administrators of the infamous Bohemia and Cannabia dark web marketplaces have been arrested after apparently shuttering the sites and trying to flee with their earnings.…

31 million users' usernames, email addresses and salted-encrypted passwords are out there

The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.…

USB sticks help, but it's unclear how tools that suck malware from them are delivered

A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according to researchers from antivirus vendor ESET.…

Regulators know this is a nightmare and have done little to stop it. Privacy advocacy group wants that to change

Smart TVs are watching their viewers and harvesting their data to benefit brokers using the same ad technology that denies privacy on the internet.…

Intruders stayed for free on the network between 2014 and 2020

Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data breaches between 2014 and 2020 that affected more than 344 million people worldwide.…

One-man-band faces a mountain of lawsuits but has few assets

The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.…